Age | Commit message (Collapse) | Author | Files | Lines |
|
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
|
|
|
|
This ensures that we have some check on the session keys being returned
as the RC4 cipher is not checksumed.
The check comes from the fact that the credentials chain is tied to
the session key, and so if the credentials check passes then the
netlogon session key will be correct, and so the user session key
will be correctly decrypted.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Mar 19 21:31:46 CET 2012 on sn-devel-104
|
|
process died.
This applies to all child processes making use of reinit_after_fork().
It is implemented by establishing a pipe between parent and child.
The child watches for EOF on the read end of the pipe, indidcating
an exited parent.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created, stopping some configurations from running.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This will help avoid runaway processes in the test env, particularly when
the whole selftest.pl is killed.
Andrew Bartlett
|
|
NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
|
|
wbcIdType and id_type have the same values, but different names
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Feb 25 23:46:36 CET 2012 on sn-devel-104
|
|
This allows ntlm_auth --diagnostics to work against the local DC, just
as it works against a member server.
Andrew Bartlett
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
sys_poll() is only needed if the signal pipe is set up and used, but as
no signal handler ever writes to the pipe, this can all be removed.
signal based events are now handled via tevent.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
The flag can_do_validation6 was only set for the domain to which
winbindd is the member. Setting this flag in other domains (trusted
domain) if it's active directory domain is a good idea as it allow to do
level 6 validation also when winbindd is querying them directly.
|
|
"local" is always False, so simply remove it and the if statement
checking its value.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 6 23:27:48 CET 2012 on sn-devel-104
|
|
authenticating through winbind
This could cause that we authenticate a user with a bogus domain to
winbind's domain if the password supplied for the PAM_AUTH match.
The problem was reported by Jeff Venable (jvenable@juniper.net).
Patch from Andrew Bartlett (abartlett@samba.org).
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Mon Jan 30 18:58:12 CET 2012 on sn-devel-104
|
|
cli_pipe_open_generic/spnego()
This allows the target service (as determined from the IDL) to be
passed to GSSAPI (rather than the current, incorrect, "cifs").
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This also avoids passing NULL as the server to
gensec_set_target_hostname() in spnego_generic_init_client().
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jan 5 17:16:45 CET 2012 on sn-devel-104
|
|
This fixes bug #8678.
The issue is caused by bug #8608.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Wed Jan 4 18:30:53 CET 2012 on sn-devel-104
|
|
This the first part to fix bug #8678.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Dec 20 13:13:17 CET 2011 on sn-devel-104
|
|
reduce the amount of transactions that are mostly unnecessary because no
updates were done, only reads
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri Dec 16 20:18:37 CET 2011 on sn-devel-104
|
|
All callers to messaging_[re]init only used procid_self()
|
|
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
|
|
With 57b3d32 we changed the format for the winbind cache database and
the code deleted the database for the upgrade. As this database holds
also cached credentials, removing it is not an option. We need to update
from version 1 to version 2.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 3 03:47:58 CET 2011 on sn-devel-104
|
|
DR and DE have been removed with
0834574fdd6b469797b3b6a4edd45f321b9b9971.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Fri Dec 2 19:02:45 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Nov 28 17:14:27 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 25 13:23:30 CET 2011 on sn-devel-104
|
|
metze
|
|
Within a callback routine it is not possible to call tevent_req_post
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Nov 22 19:17:30 CET 2011 on sn-devel-104
|
|
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 21 19:58:58 CET 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Nov 17 03:47:53 CET 2011 on sn-devel-104
|
|
Guenther
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 14:03:05 CET 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
This fixes bug #8608.
If you join samba with idmap_ad backend to an AD. When you try to
enumerate users with 'getent passwd' and the user doesn't have a uid
set, then getent is aborted cause of NT_STATUS_NONE_MAPPED. If we can't
map a user we should not stop but continue enumerating users.
This normally happens with the default user 'krbtgt' with idmap_ad but
could also happen with other backends.
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Tue Nov 15 16:52:04 CET 2011 on sn-devel-104
|
|
|
|
Guenther
|
|
metze
|
|
Fix confirmed by reporter.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 28 23:04:47 CEST 2011 on sn-devel-104
|
|
This is to provide a cleaner namespace in the public samba plugin
functions.
Andrew Bartlett
|
|
Change some misleading variable names to reflect the actual function.
Add missing field name/types previously marked as unkown.
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 24 19:19:28 CEST 2011 on sn-devel-104
|
|
this is needed to allocate gids for BUILTIN\Users and
BUILTIN\Administrators and for local users/group that
admins might want to create
autorid will now allocate one range for this purpose
and can so give out as many uids and gids as the
configured rangesize allows
|
|
we will need some more HWM soon, so move out initialization and
optimize the logic using the new interface of dbwrap_fetch_uint32
|
|
this prepares for allocation of non-domain ranges that cannot be
expressed by a SID (e.g. an allocation pool)
|